殷天文 TavenYin

## jwt-expiration.md

      
              1 file
            
          
              59 forks
            
          
              27 comments
            
          
              376 stars
            
          
                soulmachine
                / jwt-expiration.md
            
            
              Last active
              April 9, 2024 04:12
            
              
                How to deal with JWT expiration?
              
          
    First of all, please note that token expiration and revoking are two different things.

Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.
Quoted from JWT RFC:

  
## ParseRSAKeys.java
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
	import java.io.IOException;
	import java.net.URISyntaxException;
	import java.nio.file.Files;
	import java.nio.file.Paths;
	import java.security.KeyFactory;
	import java.security.NoSuchAlgorithmException;
	import java.security.PrivateKey;
	import java.security.interfaces.RSAPublicKey;
	import java.security.spec.InvalidKeySpecException;
	import java.security.spec.PKCS8EncodedKeySpec;